The European Banking Authority (EBA) and the European Central Bank (ECB) have published the 2025 edition of their report, revealing fraudsters adapting and an increase in fraud rates.
Covering the semi-annual data for 2022 to 2024, the EBA-ECB joint report attests that the legal requirement for strong customer authentication (SCA) launched in 2020 has positively contributed to minimising fraud rates across Europe. Nevertheless, the two European regulators underline the need for permanent vigilance and for security measures to be adjusted to mitigate emerging types of fraud.
Methodology
To come to these findings, the EBA and the ECB examined payment fraud reported by the industry across the European Economic Area (EEA), which reached EUR 3.4 billion in 2022, EUR 3.5 billion in 2023, and EUR 4.2 billion in 2024. Additionally, the report assesses the total number of payment transactions and the subsection of fraudulent transactions when it comes to value and volume.
Besides aggregated values, the report provides data divided by means of payment, including credit transfers, direct debits, card payments, cash withdrawals, and e-money transactions. The two regulators also included breakdowns based on each country.
SCA aiding in fraud prevention
According to the EBA and the ECB’s findings, transactions that went through verification with SCA were mostly less susceptible to fraud compared to those without it. This was most prevalent for card payments. When it comes to other payment types, such as credit transfers, this effect was not as clear. Remarkably, card payment fraud was 17 times higher when the payment recipient resided outside of the EEA, where SCA is not imposed by law and usually not implemented.
The report proves the positive effect of the SCA requirements that were rolled out under the revised EU Payment Services Directive (PSD2) in 2020 and the supporting technical standards issued by the EBA, in collaboration with the ECB, in 2018.
The emergence of new fraud types
In addition to the increase in fraud rates, the EEA also saw new types of fraud throughout the analysed period. These mostly target transactions for which an SCA exemption is applied or manipulate legitimate users into authenticating fraudulent transactions.
